US10769333B1 - System, method, and computer program product for debugging one or more observable failures in a formal verification - Google Patents

Info

Publication number
US10769333B1
Authority
US
United States
Prior art keywords
violation
trace
user interface
computer
graphical user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
US16/148,203
Inventor
Maayan Ziv
Nizar Hanna
Sanaa Halloun
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cadence Design Systems Inc
Original Assignee
Cadence Design Systems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cadence Design Systems Inc filed Critical Cadence Design Systems Inc
Priority to US16/148,203 priority Critical patent/US10769333B1/en
Assigned to CADENCE DESIGN SYSTEMS, INC. reassignment CADENCE DESIGN SYSTEMS, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HALLOUN, SANAA, HANNA, NIZAR, ZIV, MAAYAN
Application granted granted Critical
Publication of US10769333B1 publication Critical patent/US10769333B1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00Computer-aided design [CAD]
    • G06F30/30Circuit design
    • G06F30/32Circuit design at the digital level
    • G06F30/33Design verification, e.g. functional simulation or model checking
    • G06F30/3323Design verification, e.g. functional simulation or model checking using formal methods, e.g. equivalence checking or property checking

Definitions

  • the present disclosure relates to electronic design verification, and more specifically, to a method for filtering one or more failures in a formal verification.
  • Formal verification relies upon a system of constraints to communicate the legal state space to the proof engines.
  • Prelayout design rule checking, sometimes referred to as linting, may produce many checks out of which a large number of violations might be reported.
  • Designers are often unhappy with the large number of violations that such tools report and would like the tools to filter noise more adequately.
  • Violation debugging focuses on the root cause of the violation (e.g., going backward from the violation point). For example, determining what conditions led to an arithmetic overflow in the design. However, observable violations debugging focuses on how and why the violation reached a boundary (e.g., going forward from the violation point). For example, what are the conditions that led to the arithmetic overflow and/or reaching a design boundary.
  • a computer-implemented method for electronic design verification may include providing, using a processor, an electronic design and determining one or more design violations based upon, at least in part, a structural observability filter.
  • the method may also include generating a violation trace based upon, at least in part, the one or more design violations and displaying the violation trace at a graphical user interface configured to allow a user to debug the one or more design violations.
  • the method may further include allowing the user to select at least one path to be waived at the graphical user interface and generating a new violation trace without the at least one path to be waived.
  • the method may include allowing the user to correct a violation at the graphical user interface.
  • the violation trace may include a violation starting point and at least one boundary signal. Allowing the user to select at least one path to be waived at the graphical user interface may include a plurality of paths.
  • the method may include allowing the user to debug beginning at the boundary signal after the new violation trace without the at least one path to be waived is generated.
  • the method may further include displaying the at least one boundary signal at the graphical user interface.
  • the method may also include displaying at least a portion of the violation trace at the graphical user interface.
  • Operations may include providing, using a processor, an electronic design and determining one or more design violations based upon, at least in part, a structural observability filter. Operations may also include generating a violation trace based upon, at least in part, the one or more design violations and displaying the violation trace at a graphical user interface configured to allow a user to debug the one or more design violations. Operations may further include allowing the user to select at least one path to be waived at the graphical user interface and generating a new violation trace without the at least one path to be waived.
  • Operations may include allowing the user to debug beginning at the boundary signal after the new violation trace without the at least one path to be waived is generated. Operations may further include displaying the at least one boundary signal at the graphical user interface. Operations may also include displaying at least a portion of the violation trace at the graphical user interface.
  • a system for electronic design verification may include a computing device having at least one processor configured to provide an electronic design and determine one or more design violations based upon, at least in part, a structural observability filter.
  • the at least one processor may be further configured to generate a violation trace based upon, at least in part, the one or more design violations and to display the violation trace at a graphical user interface configured to allow a user to debug the one or more design violations.
  • the at least one processor may be further configured to allow the user to select at least one path to be waived at the graphical user interface and to generate a new violation trace without the at least one path to be waived.
  • the at least one processor may be configured to allow the user to correct a violation at the graphical user interface.
  • the at least one processor may be configured to allow the user to debug beginning at the boundary signal after the new violation trace without the at least one path to be waived is generated.
  • the at least one processor may be configured to display the at least one boundary signal at the graphical user interface.
  • FIG. 1 is a diagram depicting an embodiment of a system in accordance with the present disclosure
  • FIG. 2 is a flowchart depicting operations consistent with the debugging process in accordance with an embodiment of the present disclosure
  • FIG. 3 is a flowchart depicting operations consistent with the debugging process in accordance with an embodiment of the present disclosure
  • FIG. 4 is a diagram depicting an embodiment in accordance with the present disclosure.
  • FIG. 5 is a diagram depicting an embodiment in accordance with the present disclosure.
  • FIG. 6 is a diagram depicting an embodiment in accordance with the present disclosure.
  • FIG. 7 is a diagram depicting an embodiment in accordance with the present disclosure.
  • FIG. 8 is a flowchart depicting operations consistent with the debugging process in accordance with an embodiment of the present disclosure
  • FIG. 9 is an embodiment depicting a graphical user interface in accordance with the present disclosure.
  • FIG. 10 is an embodiment depicting a graphical user interface in accordance with the present disclosure.
  • FIG. 11 is an embodiment depicting a graphical user interface in accordance with the present disclosure.
  • FIG. 12 is an embodiment depicting a graphical user interface in accordance with the present disclosure.
  • Embodiments of the debugging process described herein may help the user in the debugging process of observable violations.
  • Embodiments included herein may be configured to show the user relevant paths (e.g., from violation point to the boundary), offering a step-by-step debugging of each path while also providing the user with the option of waiving paths.
  • the present disclosure may be embodied as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, the present disclosure may take the form of a computer program product on a computer-usable storage medium having computer-usable program code embodied in the medium.
  • circuitry may include, for example, singly or in any combination, hardwired circuitry, programmable circuitry, state machine circuitry, and/or firmware that stores instructions executed by programmable circuitry. It should be understood at the outset that any of the operations and/or operative components described in any embodiment herein may be implemented in software, firmware, hardwired circuitry and/or any combination thereof.
  • the computer readable medium may be a computer readable signal medium or a computer readable storage medium.
  • a computer-usable, or computer-readable, storage medium (including a storage device associated with a computing device or client electronic device) may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing.
  • the computer-readable medium may include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device.
  • a computer-usable, or computer-readable, storage medium may be any tangible medium that can contain, or store a program for use by or in connection with the instruction execution system, apparatus, or device.
  • a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof.
  • a computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
  • Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
  • Computer program code for carrying out operations of the present invention may be written in an object oriented programming language such as Java, Smalltalk, C++ or the like. However, the computer program code for carrying out operations of the present invention may also be written in conventional procedural programming languages, such as the “C” programming language or similar programming languages.
  • the program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
  • the remote computer may be connected to the user's computer through a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • Internet Service Provider for example, AT&T, MCI, Sprint, EarthLink, MSN, GTE, etc.
  • These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
  • the computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • One or more hardware description languages may be used in accordance with the present disclosure.
  • Some hardware description languages may include, but are not limited to, Verilog, VHDL, SystemC, SystemVerilog and Verilog-AMS.
  • Various other hardware description languages may also be used as well.
  • server computer 12 may be connected to network 14 (e.g., the Internet or a local area network).
  • examples of server computer 12 may include, but are not limited to: a personal computer, a server computer, a series of server computers, a mini computer, and a mainframe computer.
  • Server computer 12 may be a web server (or a series of servers) running a network operating system, examples of which may include but are not limited to: ANDROID™, iOS™, Microsoft® Windows® Server; Novell® NetWare®; or Red Hat® Linux®, for example.
  • debugging process 10 may reside on and be executed, in whole or in part, by a client electronic device, such as a personal computer, notebook computer, personal digital assistant, or the like.
  • Storage device 16 may include but is not limited to: a hard disk drive; a solid state drive, a tape drive; an optical drive; a RAID array; a random access memory (RAM); and a read-only memory (ROM).
  • Storage device 16 may include various types of files and file types including, but not limited to, hardware description language (HDL) files, which may contain the port type descriptions and executable specifications of hardware blocks.
  • Server computer 12 may execute a web server application, examples of which may include but are not limited to: Microsoft IIS, Novell Webserver™, or Apache® Webserver, that allows for HTTP (i.e., HyperText Transfer Protocol) access to server computer 12 via network 14.
  • Webserver is a trademark of Novell Corporation in the United States, other countries, or both
  • Apache is a registered trademark of Apache Software Foundation in the United States, other countries, or both.
  • Network 14 may be connected to one or more secondary networks (e.g., network 18 ), examples of which may include but are not limited to: a local area network; a wide area network; or an intranet, for example.
  • Server computer 12 may execute an electronic design automation (EDA) application (e.g., EDA application 20 ), examples of which may include, but are not limited to those available from the assignee of the present application.
  • EDA application 20 may interact with one or more EDA client applications (e.g., EDA client applications 22 , 24 , 26 , 28 ) for electronic design optimization.
  • Debugging process 10 may be a stand alone application, or may be an applet/application/script that may interact with and/or be executed within EDA application 20 .
  • debugging process 10 may be a client-side process (not shown) that may reside on a client electronic device (described below) and may interact with an EDA client application (e.g., one or more of EDA client applications 22 , 24 , 26 , 28 ).
  • debugging process 10 may be a hybrid server-side/client-side process that may interact with EDA application 20 and an EDA client application (e.g., one or more of client applications 22 , 24 , 26 , 28 ).
  • debugging process 10 may reside, in whole, or in part, on server computer 12 and/or one or more client electronic devices.
  • the instruction sets and subroutines of EDA application 20 which may be stored on storage device 16 coupled to server computer 12 may be executed by one or more processors (not shown) and one or more memory modules (not shown) incorporated into server computer 12 .
  • the instruction sets and subroutines of EDA client applications 22 , 24 , 26 , 28 which may be stored on storage devices 30 , 32 , 34 , 36 (respectively) coupled to client electronic devices 38 , 40 , 42 , 44 (respectively), may be executed by one or more processors (not shown) and one or more memory modules (not shown) incorporated into client electronic devices 38 , 40 , 42 , 44 (respectively).
  • Storage devices 30 , 32 , 34 , 36 may include but are not limited to: hard disk drives; solid state drives; tape drives; optical drives; RAID arrays; random access memories (RAM); read-only memories (ROM); compact flash (CF) storage devices; secure digital (SD) storage devices; and memory stick storage devices.
  • client electronic devices 38 , 40 , 42 , 44 may include, but are not limited to, personal computer 38 , laptop computer 40 , mobile computing device 42 (such as a smart phone, netbook, or the like), notebook computer 44 , for example.
  • Using client applications 22 , 24 , 26 , 28 , users 46 , 48 , 50 , 52 may access EDA application 20 and may, e.g., utilize debugging process 10 .
  • Users 46 , 48 , 50 , 52 may access EDA application 20 directly through the device on which the client application (e.g., client applications 22 , 24 , 26 , 28 ) is executed, namely client electronic devices 38 , 40 , 42 , 44 , for example. Users 46 , 48 , 50 , 52 may access EDA application 20 directly through network 14 or through secondary network 18 . Further, server computer 12 (i.e., the computer that executes EDA application 20 ) may be connected to network 14 through secondary network 18 , as illustrated with phantom link line 54 .
  • the various client electronic devices may be directly or indirectly coupled to network 14 (or network 18 ).
  • personal computer 38 is shown directly coupled to network 14 via a hardwired network connection.
  • notebook computer 44 is shown directly coupled to network 18 via a hardwired network connection.
  • Laptop computer 40 is shown wirelessly coupled to network 14 via wireless communication channel 66 established between laptop computer 40 and wireless access point (i.e., WAP) 68 , which is shown directly coupled to network 14 .
  • WAP 68 may be, for example, an IEEE 802.11a, 802.11b, 802.11g, Wi-Fi, and/or Bluetooth device that is capable of establishing wireless communication channel 66 between laptop computer 40 and WAP 68.
  • Mobile computing device 42 is shown wirelessly coupled to network 14 via wireless communication channel 70 established between mobile computing device 42 and cellular network/bridge 72 , which is shown directly coupled to network 14 .
  • IEEE 802.11x may use Ethernet protocol and carrier sense multiple access with collision avoidance (i.e., CSMA/CA) for path sharing.
  • the various 802.11x specifications may use phase-shift keying (i.e., PSK) modulation or complementary code keying (i.e., CCK) modulation, for example.
  • Bluetooth is a telecommunications industry specification that allows e.g., mobile phones, computers, and personal digital assistants to be interconnected using a short-range wireless connection.
  • Client electronic devices 38 , 40 , 42 , 44 may each execute an operating system, examples of which may include but are not limited to Microsoft Windows, Microsoft Windows CE®, Red Hat Linux, or other suitable operating system.
  • Microsoft Windows is a registered trademark of Microsoft Corporation in the United States, other countries, or both.
  • Windows CE is a registered trademark of Microsoft Corporation in the United States, other countries, or both.
  • debugging process 10 may utilize structural observability filtering approaches. These may include providing an electronic design and performing formal verification of at least a portion of the electronic design having an original property. Embodiments may further include analyzing at least one output net bit associated with a check of the electronic design. Embodiments may also include generating a structural observability expression, based upon, at least in part, the at least one output net bit and setting the structural observability expression as a precondition to the original property. Additional information regarding structural observability filtering may be found in U.S. application Ser. No. 15/808,094 filed on Nov. 9, 2017, which is herein incorporated by reference in its entirety.
  • prelayout design rule checking may produce many checks out of which a large number of violations might be reported.
  • a rule or check may refer to an algorithm that is configured to verify a specific potential violation in the RTL. Part of those checks may be based on structural analysis while others are using formal methods to verify and report violations.
  • the observability filtering may be related to formal check types (e.g., assertions, etc.).
  • the check types applying this filter may include, but are not limited to, arithmetic overflow checks, out of bound checks, bus contention checks, floating bus checks, x assignment checks, unreachable default case checks, etc. Each of these is discussed in further detail below.
  • an arithmetic overflow check may be configured to confirm that the RTL contains no errors that could cause the array to overflow. For example, in the following code snippet, the value of out must never fold to 4'b0000 when you add 1'b1:
  • a violation indicates an RTL error, which may cause the array to overflow.
  • an out-of-bound indexing check may be configured to confirm that expressions and arrays are indexed within the defined range. For example, in the following code snippet, the index i must be in the range from 0 to 3:
  • a violation might indicate an RTL error, which can cause indexing of an undefined element in the array.
  • a bus contention check may be configured to check for a scenario where more than one active driver for the bus is present.
  • a floating bus check may be configured to check for a scenario where a bus is without a driver.
  • An x assignment check may be configured to confirm that x variables cannot be reached. If an x-assignment is reachable, it becomes an active source of x, and can lead to unexpected functionality.
  • An unreachable default case check may be configured to confirm that default case statements cannot be reached. Violations could be the result of an incompletely specified case.
  • one or more filters may be configured to filter failed assertions if a failure is not observed on the nearest registers (e.g., flop/latch) or on the primary outputs.
  • debugging process 10 including the structural observability filter technology described herein, may be configured to calculate the SystemVerilog (“SVA”) expression for the observability of the check output and add it to the assertion as a precondition. Accordingly, all the non-observed failures may be filtered.
  • debugging process 10 may include a structural observability filter configured to perform structural analysis starting from the checks output net bit and to calculate the structural observability expression for all of the nearest flops, latches and primary outputs.
  • these calculations may consider all Muxes selectors in the paths as well as local expressions of AND, OR, NAND, and/or NOR statements. If the designer is grading the failure by masking the statement with AND, for example, then the solution will consider this in the filtering expression.
  • the structural observability filter may calculate the observability expression “cond1 & cond2” and modify the assertion to: “(cond1 && cond2)
  • the solution considers for the observability condition all the conditions of the Muxes to all paths and also the local conditions with and, or . . . etc. masking.
  • only the propagated failures may be reported while the non-propagated assertions will pass.
  • each arithmetic operation may cause an overflow/underflow.
  • the index-signal may overflow from the bounds of the array, that would be replaced by an ‘x’ value.
  • the customer may have resolved the issue of using the wrong values by masking the reading of the output signal value by conditions. As such, the overflow will not propagate to a flop/latch or primary-output. Accordingly, the counterexamples (“CEXs”) of these cases are noise that should be filtered.
  • debugging process 10 may include traversing on one or more outputs of the operations. Building the observability expression which includes all conditions on Muxes, selectors and some local gates which are common coding style for masking overflows (e.g., AND, OR, NAND, NOR, etc.). Debugging process 10 may be configured to consider multiple paths for propagation (e.g., path1, path2, or pathN). Debugging process 10 may be configured to stop on one or more boundaries. Some of these may include, but are not limited to, flop, latch, primary output, black box input, etc. In each step the expression may be built and optimized using binary decision diagrams (“BDDs”). The final observability expression “E” may be added as a precondition to the original property “P”: E
  • debugging process 10 may include analyzing at least one output net bit associated with a check of the electronic design.
  • Some checks may include, but are not limited to, arithmetic checks, out of bound indexing, x-assignment unreachability, etc. Any arithmetic check may be used in accordance with this disclosure, some of which may include, but are not limited to, a MUX, selector, AND, OR, NAND, NOR gate, etc.
  • Operations may include providing ( 202 ), using at least one processor, an electronic design and performing ( 204 ) formal verification of at least a portion of the electronic design having an original property of potential x-value/z-value/overflow (underflow) bits.
  • Embodiments may further include analyzing ( 206 ) all output net-bits associated with the arithmetic operation, non-constant indexing, floating bus and/or multi-driven signal of the electronic design.
  • Embodiments may also include generating ( 208 ) a structural observability expression, based upon, at least in part, the at least one output net bit and setting ( 210 ) the structural observability expression as antecedent and the original property as consequent.
  • the observability-expression may correspond to the original-expression-of-the-check.
  • In FIG. 3, a diagram 300 depicting an example consistent with embodiments of debugging process 10 is provided.
  • Embodiments of debugging process 10 provide numerous advantages over prior techniques.
  • the structural observability filter may reduce the noise with much higher performance and less time than other formal and functional methods.
  • Current implementations don't filter violations based on observability.
  • Other techniques check for the observability by functional and formal propagation methods, which take much more time and performance.
  • Debugging process 10 may be configured to help debug observable violations by path highlighting and path waiving.
  • Debugging process 10 may include providing 402 , using a processor, an electronic design and determining 404 one or more design violations based upon, at least in part, a structural observability filter.
  • Embodiments may also include generating 406 a violation trace based upon, at least in part, the one or more design violations and displaying 408 the violation trace at a graphical user interface configured to allow a user to debug the one or more design violations.
  • Embodiments may further include allowing 410 the user to select at least one path to be waived at the graphical user interface and generating 412 a new violation trace without the at least one path to be waived.
  • embodiments of debugging process 10 may be configured to allow a user to debug observable violations.
  • Debugging process 10 may operate in conjunction with EDA application 20 to filter ignorable violations. Accordingly, embodiments included herein may generate properties with an observability condition.
  • the observability condition may be used to check whether or not the design error propagates to a boundary (e.g., flop, latch, primary output, black-box input).
  • an “Observable Violation” may refer to a failed assertion (P) with an observability condition (OBS).
  • embodiments of debugging process 10 may allow a user to debug the observable violation using a trace that represents one possible scenario where P propagated to a boundary.
  • In FIGS. 5-7, embodiments of the present disclosure showing an example debugging process 10 are provided.
  • the debugging of an observable violation may be performed on a failure trace using a register-transfer-level (“RTL”) debug tool (e.g., EDA application 20 ) with driver tracing capabilities.
  • debugging process 10 may be configured to allow for path debugging using a failure trace. In this way, when a trace is available, it shows a scenario where the violation propagated to some boundary. The user may want to know what boundaries were affected and how. Once the trace is available, debugging process 10 may be configured to check the paths against the given trace, following the paths which evaluate to true in the given trace and extracting the boundaries (end points of the paths). Paths that did not evaluate to true on the given trace may be ignored. The boundary signals may be added to the trace and visible to the user in the RTL debug tool (e.g., EDA application 20 ).
  • the user may now debug a path starting from the boundary signal using driver tracing, and debugging process 10 may hint which signal on the path is the next to debug.
  • This provides the user with a step-by-step path debugging process, starting from the boundary where the failure is visible, back to the starting point of the failure.
  • debugging process 10 showing an example having multiple paths between a violation starting point and one or more boundary signals.
  • Debugging process 10 is based on the observability condition of the violation, which is structurally composed of all the paths of the propagation (e.g., path1 or path2 . . . or pathN). In this particular example, eight paths are shown that start from the violation starting point (e.g., red node) and end at the boundary signals (e.g., two yellow nodes).
  • all paths may be evaluated against the trace. Only the paths which evaluated to true may be reported back to the user. In this example, there are only two paths which lead to the same boundary (e.g., purple nodes).
  • the user may be shown where to debug next, here depicted by the numbered nodes #1-3, etc. Tracing back step-by-step EDA application 20 may hint and assist the user in reaching the violation point (red node).
  • the user may determine that a path is false or irrelevant during the debugging, and embodiments included herein may allow the user to waive a path and get a new failure trace (if one exists), which again may highlight the relevant boundary signals and the paths that are valid based on the new trace. This may be achieved by creating a new observability condition that excludes the waived path.
  • the process may be iterative in nature as the user may continue to debug and waive, until either a real bug is found or the violation is no longer generated. In other words, and as shown in FIG. 7 , a new trace may be generated and the user may continue with the debugging until a true failure is located and fixed or until all paths are waived (e.g., the property will be proven).
  • a flowchart 800 showing a number of operations consistent with embodiments of debugging process 10 is provided.
  • the user decided one or more paths are irrelevant and waives them.
  • a new property may be created excluding the waived paths. If the property is proven, the user may stop the debugging process. If not, a new trace will be generated. If a new trace was generated, the user may continue in the debugging process until a true failure is found (and fixed), or until all paths are waived (property will be proven).
  • a user may select one or more violations for analysis (e.g., via EDA application 20 ) from a portion of a graphical user interface 900 .
  • the graphical user interface 1000 may display all boundary signals at interface 1000 , which may also be configured to show the violation cycle, propagation cycle (to the boundary), etc.
  • the boundary signal in this example may refer to a particular flop.
  • the propagation cycle may be highlighted for the user to review.
  • FIG. 12 shows the user that the specific violation is an arithmetic overflow and presents that to the user at graphical user interface 1200 .
  • a user may be presented with a violation as is shown in the GUI portion of FIG. 9 .
  • the user may select the violation and a corresponding trace may be shown in FIG. 10 .
  • This trace shows the boundary signal/s the violation propagated to.
  • a cycle in the trace may be highlighted in red to indicate to the user that this is the cycle at which to start the debugging process.
  • the user may then select the cycle and perform a “why” operation.
  • a “why” operation may perform driver tracing to show why a specific signal received a certain value at a certain time, based on the given trace and the RTL itself.
  • FIG. 11 displays the starting of the path (from the boundary back to the violation starting point). The user may continue to view the path and trace it back to the violation starting point as is shown in FIG. 12 .
  • embodiments of debugging process 10 may offer forward debugging by backward debugging methods.
  • Embodiments included herein are structurally-based, and may provide all the possible paths for a given violation trace while also allowing the user to traverse the path incrementally.
  • Embodiments of debugging process 10 may also enable waiving of one path or more, to filter out irrelevant paths, so the user may obtain a real trace for debugging or verify that the violation is not a design error.

Abstract

The present disclosure relates to a method for electronic design verification. Embodiments may include providing, using a processor, an electronic design and determining one or more design violations based upon, at least in part, a structural observability filter. Embodiments may also include generating a violation trace based upon, at least in part, the one or more design violations and displaying the violation trace at a graphical user interface configured to allow a user to debug the one or more design violations. Embodiments may further include allowing the user to select at least one path to be waived at the graphical user interface and generating a new violation trace without the at least one path to be waived.

Description

TECHNICAL FIELD
The present disclosure relates to electronic design verification, and more specifically, to a method for filtering one or more failures in a formal verification.
DISCUSSION OF THE RELATED ART
Formal verification relies upon a system of constraints to communicate the legal state space to the proof engines. Prelayout design rule checking, sometimes referred to as linting, may produce many checks out of which a large number of violations might be reported. Designers are often unhappy with the large number of violations that such tools report and would like the tools to filter noise more adequately.
In a tool that generates design violations (e.g., assertion failures) for the user to analyze, it is important to report on real violations and filter bogus or noisy violations. One of the existing solutions involves structural observability filtering, which filters violations that didn't reach any boundary (e.g., flop, latch, primary output or black-box input). The tool will report on what are referred to as observable violations, violations that reached some boundary, which the user needs to debug further.
Violation debugging focuses on the root cause of the violation (e.g., going backward from the violation point). For example, determining what conditions led to an arithmetic overflow in the design. However, observable violations debugging focuses on how and why the violation reached a boundary (e.g., going forward from the violation point). For example, what are the conditions that led to the arithmetic overflow and/or reaching a design boundary. Today, there is no automatic way to do forward debugging; it requires that the user perform excessive manual work, following the source code, with minimal or no hints on which path to follow.
SUMMARY OF DISCLOSURE
In one or more embodiments of the present disclosure, a computer-implemented method for electronic design verification is provided. The method may include providing, using a processor, an electronic design and determining one or more design violations based upon, at least in part, a structural observability filter. The method may also include generating a violation trace based upon, at least in part, the one or more design violations and displaying the violation trace at a graphical user interface configured to allow a user to debug the one or more design violations. The method may further include allowing the user to select at least one path to be waived at the graphical user interface and generating a new violation trace without the at least one path to be waived.
One or more of the following features may be included. In some embodiments, the method may include allowing the user to correct a violation at the graphical user interface. The violation trace may include a violation starting point and at least one boundary signal. Allowing the user to select at least one path to be waived at the graphical user interface may include a plurality of paths. The method may include allowing the user to debug beginning at the boundary signal after the new violation trace without the at least one path to be waived is generated. The method may further include displaying the at least one boundary signal at the graphical user interface. The method may also include displaying at least a portion of the violation trace at the graphical user interface.
In one or more embodiments of the present disclosure, a computer-readable storage medium having stored thereon instructions, which when executed by a processor result in one or more operations, is provided. Operations may include providing, using a processor, an electronic design and determining one or more design violations based upon, at least in part, a structural observability filter. Operations may also include generating a violation trace based upon, at least in part, the one or more design violations and displaying the violation trace at a graphical user interface configured to allow a user to debug the one or more design violations. Operations may further include allowing the user to select at least one path to be waived at the graphical user interface and generating a new violation trace without the at least one path to be waived.
One or more of the following features may be included. In some embodiments, the method may include allowing the user to correct a violation at the graphical user interface. The violation trace may include a violation starting point and at least one boundary signal. Allowing the user to select at least one path to be waived at the graphical user interface may include a plurality of paths. Operations may include allowing the user to debug beginning at the boundary signal after the new violation trace without the at least one path to be waived is generated. Operations may further include displaying the at least one boundary signal at the graphical user interface. Operations may also include displaying at least a portion of the violation trace at the graphical user interface.
In one or more embodiments of the present disclosure, a system for electronic design verification is provided. The system may include a computing device having at least one processor configured to provide an electronic design and determine one or more design violations based upon, at least in part, a structural observability filter. The at least one processor may be further configured to generate a violation trace based upon, at least in part, the one or more design violations and to display the violation trace at a graphical user interface configured to allow a user to debug the one or more design violations. The at least one processor may be further configured to allow the user to select at least one path to be waived at the graphical user interface and to generate a new violation trace without the at least one path to be waived.
One or more of the following features may be included. In some embodiments, the at least one processor may be configured to allow the user to correct a violation at the graphical user interface. The violation trace may include a violation starting point and at least one boundary signal. Allowing the user to select at least one path to be waived at the graphical user interface may include a plurality of paths. The at least one processor may be configured to allow the user to debug beginning at the boundary signal after the new violation trace without the at least one path to be waived is generated. The at least one processor may be configured to display the at least one boundary signal at the graphical user interface.
Additional features and advantages of embodiments of the present disclosure will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of embodiments of the present disclosure. The objectives and other advantages of the embodiments of the present disclosure may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are intended to provide further explanation of embodiments of the invention as claimed.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings, which are included to provide a further understanding of embodiments of the present disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the present disclosure and together with the description serve to explain the principles of embodiments of the present disclosure.
FIG. 1 is a diagram depicting an embodiment of a system in accordance with the present disclosure;
FIG. 2 is a flowchart depicting operations consistent with the debugging process in accordance with an embodiment of the present disclosure;
FIG. 3 is a flowchart depicting operations consistent with the debugging process in accordance with an embodiment of the present disclosure;
FIG. 4 is a diagram depicting an embodiment in accordance with the present disclosure;
FIG. 5 is a diagram depicting an embodiment in accordance with the present disclosure;
FIG. 6 is a diagram depicting an embodiment in accordance with the present disclosure;
FIG. 7 is a diagram depicting an embodiment in accordance with the present disclosure;
FIG. 8 is a flowchart depicting operations consistent with the debugging process in accordance with an embodiment of the present disclosure;
FIG. 9 is an embodiment depicting a graphical user interface in accordance with the present disclosure;
FIG. 10 is an embodiment depicting a graphical user interface in accordance with the present disclosure;
FIG. 11 is an embodiment depicting a graphical user interface in accordance with the present disclosure; and
FIG. 12 is an embodiment depicting a graphical user interface in accordance with the present disclosure.
DETAILED DESCRIPTION
Embodiments of the debugging process described herein may help the user in the debugging process of observable violations. Embodiments included herein may be configured to show the user relevant paths (e.g., from violation point to the boundary), offering a step-by-step debugging of each path while also providing the user with the option of waiving paths.
Reference will now be made in detail to the embodiments of the present disclosure, examples of which are illustrated in the accompanying drawings. The present disclosure may, however, be embodied in many different forms and should not be construed as being limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the disclosure to those skilled in the art.
As will be appreciated by one skilled in the art, the present disclosure may be embodied as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, the present disclosure may take the form of a computer program product on a computer-usable storage medium having computer-usable program code embodied in the medium.
As used in any embodiment described herein, “circuitry” may include, for example, singly or in any combination, hardwired circuitry, programmable circuitry, state machine circuitry, and/or firmware that stores instructions executed by programmable circuitry. It should be understood at the outset that any of the operations and/or operative components described in any embodiment herein may be implemented in software, firmware, hardwired circuitry and/or any combination thereof.
Any suitable computer usable or computer readable medium may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer-usable, or computer-readable, storage medium (including a storage device associated with a computing device or client electronic device) may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable medium may include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device. In the context of this document, a computer-usable, or computer-readable, storage medium may be any tangible medium that can contain, or store a program for use by or in connection with the instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present invention may be written in an object oriented programming language such as Java, Smalltalk, C++ or the like. However, the computer program code for carrying out operations of the present invention may also be written in conventional procedural programming languages, such as the “C” programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
The present disclosure is described below with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
One or more hardware description languages may be used in accordance with the present disclosure. Some hardware description languages may include, but are not limited to, Verilog, VHDL, SystemC, SystemVerilog and Verilog-AMS. Various other hardware description languages may also be used as well.
Referring to FIG. 1, there is shown a debugging process 10 that may reside on and may be executed by server computer 12, which may be connected to network 14 (e.g., the Internet or a local area network). Examples of server computer 12 may include, but are not limited to: a personal computer, a server computer, a series of server computers, a mini computer, and a mainframe computer. Server computer 12 may be a web server (or a series of servers) running a network operating system, examples of which may include but are not limited to: ANDROID™, iOS™ Microsoft® Windows® Server; Novell® NetWare®; or Red Hat® Linux®, for example. (Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States, other countries or both; Novell and NetWare are registered trademarks of Novell Corporation in the United States, other countries or both; Red Hat is a registered trademark of Red Hat Corporation in the United States, other countries or both; and Linux is a registered trademark of Linus Torvalds in the United States, other countries or both.) Additionally/alternatively, debugging process 10 may reside on and be executed, in whole or in part, by a client electronic device, such as a personal computer, notebook computer, personal digital assistant, or the like.
The instruction sets and subroutines of debugging process 10, which may include one or more software modules, and which may be stored on storage device 16 coupled to server computer 12, may be executed by one or more processors (not shown) and one or more memory modules (not shown) incorporated into server computer 12. Storage device 16 may include but is not limited to: a hard disk drive; a solid state drive; a tape drive; an optical drive; a RAID array; a random access memory (RAM); and a read-only memory (ROM). Storage device 16 may include various types of files and file types including, but not limited to, hardware description language (HDL) files, which may contain the port type descriptions and executable specifications of hardware blocks.
Server computer 12 may execute a web server application, examples of which may include but are not limited to: Microsoft IIS, Novell Webserver™, or Apache® Webserver, that allows for HTTP (i.e., HyperText Transfer Protocol) access to server computer 12 via network 14 (Webserver is a trademark of Novell Corporation in the United States, other countries, or both; and Apache is a registered trademark of Apache Software Foundation in the United States, other countries, or both). Network 14 may be connected to one or more secondary networks (e.g., network 18), examples of which may include but are not limited to: a local area network; a wide area network; or an intranet, for example.
Server computer 12 may execute an electronic design automation (EDA) application (e.g., EDA application 20), examples of which may include, but are not limited to those available from the assignee of the present application. EDA application 20 may interact with one or more EDA client applications (e.g., EDA client applications 22, 24, 26, 28) for electronic design optimization.
Debugging process 10 may be a stand alone application, or may be an applet/application/script that may interact with and/or be executed within EDA application 20. In addition/as an alternative to being a server-side process, debugging process 10 may be a client-side process (not shown) that may reside on a client electronic device (described below) and may interact with an EDA client application (e.g., one or more of EDA client applications 22, 24, 26, 28). Further, debugging process 10 may be a hybrid server-side/client-side process that may interact with EDA application 20 and an EDA client application (e.g., one or more of client applications 22, 24, 26, 28). As such, debugging process 10 may reside, in whole, or in part, on server computer 12 and/or one or more client electronic devices.
The instruction sets and subroutines of EDA application 20, which may be stored on storage device 16 coupled to server computer 12 may be executed by one or more processors (not shown) and one or more memory modules (not shown) incorporated into server computer 12.
The instruction sets and subroutines of EDA client applications 22, 24, 26, 28, which may be stored on storage devices 30, 32, 34, 36 (respectively) coupled to client electronic devices 38, 40, 42, 44 (respectively), may be executed by one or more processors (not shown) and one or more memory modules (not shown) incorporated into client electronic devices 38, 40, 42, 44 (respectively). Storage devices 30, 32, 34, 36 may include but are not limited to: hard disk drives; solid state drives; tape drives; optical drives; RAID arrays; random access memories (RAM); read-only memories (ROM); compact flash (CF) storage devices; secure digital (SD) storage devices; and memory stick storage devices. Examples of client electronic devices 38, 40, 42, 44 may include, but are not limited to, personal computer 38, laptop computer 40, mobile computing device 42 (such as a smart phone, netbook, or the like), notebook computer 44, for example. Using client applications 22, 24, 26, 28, users 46, 48, 50, 52 may access EDA application 20 and may allow users to e.g., utilize debugging process 10.
Users 46, 48, 50, 52 may access EDA application 20 directly through the device on which the client application (e.g., client applications 22, 24, 26, 28) is executed, namely client electronic devices 38, 40, 42, 44, for example. Users 46, 48, 50, 52 may access EDA application 20 directly through network 14 or through secondary network 18. Further, server computer 12 (i.e., the computer that executes EDA application 20) may be connected to network 14 through secondary network 18, as illustrated with phantom link line 54.
The various client electronic devices may be directly or indirectly coupled to network 14 (or network 18). For example, personal computer 38 is shown directly coupled to network 14 via a hardwired network connection. Further, notebook computer 44 is shown directly coupled to network 18 via a hardwired network connection. Laptop computer 40 is shown wirelessly coupled to network 14 via wireless communication channel 66 established between laptop computer 40 and wireless access point (i.e., WAP) 68, which is shown directly coupled to network 14. WAP 68 may be, for example, an IEEE 802.11a, 802.11b, 802.11g, Wi-Fi, and/or Bluetooth device that is capable of establishing wireless communication channel 66 between laptop computer 40 and WAP 68. Mobile computing device 42 is shown wirelessly coupled to network 14 via wireless communication channel 70 established between mobile computing device 42 and cellular network/bridge 72, which is shown directly coupled to network 14.
As is known in the art, all of the IEEE 802.11x specifications may use Ethernet protocol and carrier sense multiple access with collision avoidance (i.e., CSMA/CA) for path sharing. The various 802.11x specifications may use phase-shift keying (i.e., PSK) modulation or complementary code keying (i.e., CCK) modulation, for example. As is known in the art, Bluetooth is a telecommunications industry specification that allows e.g., mobile phones, computers, and personal digital assistants to be interconnected using a short-range wireless connection.
Client electronic devices 38, 40, 42, 44 may each execute an operating system, examples of which may include but are not limited to Microsoft Windows, Microsoft Windows CE®, Red Hat Linux, or other suitable operating system. (Windows CE is a registered trademark of Microsoft Corporation in the United States, other countries, or both.).
In some embodiments, debugging process 10 may utilize structural observability filtering approaches. These may include providing an electronic design and performing formal verification of at least a portion of the electronic design having an original property. Embodiments may further include analyzing at least one output net bit associated with a check of the electronic design. Embodiments may also include generating a structural observability expression, based upon, at least in part, the at least one output net bit and setting the structural observability expression as a precondition to the original property. Additional information regarding structural observability filtering may be found in U.S. application Ser. No. 15/808,094 filed on Nov. 9, 2017, which is herein incorporated by reference in its entirety.
As discussed above, prelayout design rule checking, sometimes referred to as linting, may produce many checks out of which a large number of violations might be reported. Designers are often unhappy with the large number of violations that such tools report and would like the tools to filter noise more adequately.
As used herein, a rule or check may refer to an algorithm that is configured to verify a specific potential violation in the RTL. Part of those checks may be based on structural analysis while others are using formal methods to verify and report violations.
In some embodiments, the observability filtering may be related to formal check types (e.g., assertions, etc.). The check types applying this filter may include, but are not limited to, arithmetic overflow checks, out of bound checks, bus contention checks, floating bus checks, x assignment checks, unreachable default case checks, etc. Each of these is discussed in further detail below.
In some embodiments, an arithmetic overflow check may be configured to confirm that the RTL contains no errors that could cause the array to overflow. For example, in the following code snippet, the value of out must never fold to 4'b0000 when you add 1'b1:
    • logic [3:0] d_array;
    • out = d_array + 1'b1;
A violation indicates an RTL error, which may cause the array to overflow.
In some embodiments, an out-of-bound indexing check may be configured to confirm that expressions and arrays are indexed within the defined range. For example, in the following code snippet, the index i must be in the range from 0 to 3:
    • logic [3:0] d_array;
    • out=d_array[i];
A violation might indicate an RTL error, which can cause indexing of an undefined element in the array.
In some embodiments, a bus contention check may be configured to check for a scenario where more than one active driver for the bus is present. A floating bus check may be configured to check for a scenario where a bus is without a driver. An x assignment check may be configured to confirm that x variables cannot be reached. If an x-assignment is reachable, it becomes an active source of x, and can lead to unexpected functionality. An unreachable default case check may be configured to confirm that default case statements cannot be reached. Violations could be the result of an incompletely specified case.
In some embodiments, one or more filters may be configured to filter failed assertions if a failure is not observed on the nearest registers (e.g., flop/latch) or on the primary outputs. In some embodiments, debugging process 10, including the structural observability filter technology described herein, may be configured to calculate the SystemVerilog (“SVA”) expression for the observability of the check output and add it to the assertion as a precondition. Accordingly, all the non-observed failures may be filtered.
Existing tools are not filtering the failures that are producing large noise. Alternatively, they may be using formal propagation methods that take too much time attempting to filter the non propagating failures. As such, these tools are just automatically creating assertions to check potential failures without considering the user responsible for the code of those failures.
Accordingly, in some embodiments, debugging process 10 may include a structural observability filter configured to perform structural analysis starting from the checks output net bit and to calculate the structural observability expression for all of the nearest flops, latches and primary outputs.
In some embodiments, these calculations may consider all Mux selectors in the paths as well as local expressions of AND, OR, NAND, and/or NOR statements. If the designer is guarding the failure by masking the statement with AND, for example, then the solution will consider this in the filtering expression.
For example, if the tool is checking an arithmetic overflow for:
assign c = (a + b);
and is creating the property p1, then the tool may report a violation if the assertion p1 fails. Assume that, when p1 is failing, the designer has conditions "cond1" and "cond2" which guard the propagation of the overflow:
assign c = cond1 & (a + b);
. . .
always . . . if (cond2) flop <= c;
Accordingly, the structural observability filter may calculate the observability expression "cond1 & cond2" and modify the assertion to "(cond1 && cond2) |-> p1", so that the violation is reported only if it happens when the guarding condition is true. For the observability condition, the solution considers all the conditions of the Muxes on all paths as well as the local masking conditions (AND, OR, etc.).
In some embodiments, when adding the preconditions to the assertions, only the propagated failures may be reported while the non-propagated assertions will pass.
In some embodiments, there are a number of motivations for addressing the observability and noise reduction concepts described herein. For example, each arithmetic operation may cause an overflow/underflow. When a signal indexing is used to read a value from an array, the index-signal may overflow from the bounds of the array, that would be replaced by an ‘x’ value. However, the customer may have resolved the issue of using the wrong values by masking the reading of the output signal value by conditions. As such, the overflow will not propagate to a flop/latch or primary-output. Accordingly, the counterexamples (“CEXs”) of these cases are noise that should be filtered.
In some embodiments, debugging process 10 may be configured to mask the property definition by an expression of observability of the output signal to closer flops/latches or primary-output. For example: assign a={N{condition}} & (b+c). Here, the definition will be "condition |-> overflow_check" instead of "overflow_check". The output may be observable only if the condition is 1'b1; otherwise there is no need to check the overflow.
In some embodiments, debugging process 10 may include traversing on one or more outputs of the operations and building the observability expression, which includes all conditions on Muxes, selectors and some local gates which are a common coding style for masking overflows (e.g., AND, OR, NAND, NOR, etc.). Debugging process 10 may be configured to consider multiple paths for propagation (e.g., path1, path2, or pathN). Debugging process 10 may be configured to stop on one or more boundaries. Some of these may include, but are not limited to, flop, latch, primary output, black box input, etc. In each step the expression may be built and optimized using binary decision diagrams ("BDDs"). The final observability expression "E" may be added as a precondition to the original property "P": E |-> P.
In some embodiments, debugging process 10 may include analyzing at least one output net bit associated with a check of the electronic design. Some checks may include, but are not limited to, arithmetic checks, out of bound indexing, x-assignment unreachability, etc. Any arithmetic check may be used in accordance with this disclosure, some of which may include, but are not limited to, a MUX, selector, AND, OR, NAND, NOR gate, etc.
Referring also to FIG. 2, an exemplary flowchart 200 depicting operations consistent with debugging process 10 is provided. Operations may include providing (202), using at least one processor, an electronic design and performing (204) formal verification of at least a portion of the electronic design having an original property of potential x-value/z-value/overflow (underflow) bits. Embodiments may further include analyzing (206) all output net-bits associated with the arithmetic operation, non-constant indexing, floating bus and/or multi-driven signal of the electronic design. Embodiments may also include generating (208) a structural observability expression, based upon, at least in part, the at least one output net bit and setting (210) the structural observability expression as antecedent and the original property as consequent. In some embodiments, the observability-expression may correspond to the original-expression-of-the-check.
Referring also to FIG. 3, a diagram 300 depicting an example consistent with embodiments of debugging process 10 is provided.
Filtering arithmetic overflow:
module top (input logic [3:0] a, input logic [3:0] b, input logic c, output logic [3:0] out);
  // out carries the sum only while c is high; otherwise it is forced to zero
  assign out = (c ? a + b : 4'b0);
endmodule
    1) Recognizing the arithmetic overflow check: a+b
    2) Computing the observability expression of the output net of the add gate: {c c}
       The observability expression is: (c|c|c|c) ⇒ c
    3) The original expression is ~Bit(5, {{1'b0, a}+{1'b0, b}})
       The observability expression is (c)
       The generated check is: c |-> ~Bit(5, {{1'b0, a}+{1'b0, b}})
    4) In cycles where the signal c is 1'b0 (low value), the check will be filtered.
       If the possible values of the signals are:
       1) a=4'b1010, b=4'b0101, c=1'b1
       2) a=4'b1110, b=4'b0111, c=1'b0
Without filtering (using observability), a counterexample ("CEX") may be obtained with the trace a=4'b1110, b=4'b0111. However, when observability filtering is on, the check status will be proven.
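The filtering described for the guarded-assign example and for FIG. 3 can be modelled in a few lines of Python. This is an added illustration, not code from the patent or from any Cadence tool; the netlist encoding, the net name add_out and all function names are assumptions made for the example.

```python
WIDTH = 4

# Constructed netlists: net -> [(driven net, guard literals needed to propagate)].
FIG3 = {"add_out": [("out", {"c": 1})]}          # assign out = c ? a+b : 4'b0
GUARDED = {
    "add_out": [("c", {"cond1": 1})],            # assign c = cond1 & (a+b)
    "c": [("flop", {"cond2": 1})],               # if (cond2) flop <= c
}

# The two value sets listed in the FIG. 3 example.
PAGE_STIMULI = [
    {"a": 0b1010, "b": 0b0101, "c": 1},
    {"a": 0b1110, "b": 0b0111, "c": 0},
]


def observability_paths(fanout, boundaries, start):
    """Walk from the check's output net to the nearest boundaries.

    Returns one (boundary, guard) pair per structural path; the observability
    expression is the OR over paths of the AND of each path's guard literals.
    """
    paths, stack = [], [(start, {})]
    while stack:
        net, guard = stack.pop()
        if net in boundaries:          # flop, latch, primary output: stop here
            paths.append((net, guard))
            continue
        for sink, cond in fanout.get(net, []):
            merged = dict(guard)
            # Drop paths whose guards contradict each other (e.g. sel and !sel).
            if all(merged.setdefault(sig, val) == val for sig, val in cond.items()):
                stack.append((sink, merged))
    return paths


def overflow(a, b):
    """Negation of the original property P: carry out of the WIDTH-bit add."""
    return (a + b) >> WIDTH != 0


def observable(paths, values):
    """Evaluate the observability expression E on one set of signal values."""
    return any(all(values[s] == v for s, v in g.items()) for _, g in paths)


def counterexamples(stimuli, paths=None):
    """Stimuli violating P (paths is None) or violating E |-> P (paths given)."""
    return [s for s in stimuli
            if overflow(s["a"], s["b"]) and (paths is None or observable(paths, s))]


if __name__ == "__main__":
    fig3 = observability_paths(FIG3, {"out"}, "add_out")
    print("E for FIG. 3:", fig3)
    print("unfiltered CEX:", counterexamples(PAGE_STIMULI))
    print("filtered CEX:  ", counterexamples(PAGE_STIMULI, fig3))
    print("E for guarded assign:", observability_paths(GUARDED, {"flop"}, "add_out"))
```

If c were high in the overflowing cycle, the same stimulus would still be reported, because the precondition only removes failures that never reach a boundary.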
Embodiments of debugging process 10 provide numerous advantages over prior techniques. For example, the structural observability filter may reduce the noise with much higher performance and less time than other formal and functional methods. Current implementations do not filter violations based on observability. Other techniques check for observability using functional and formal propagation methods, which take much more time and performance.
Referring now to FIG. 4, an exemplary flowchart 400 depicting operations consistent with debugging process 10 is provided. Debugging process 10 may be configured to help debug observable violations by path highlighting and path waiving. Debugging process 10 may include providing 402, using a processor, an electronic design and determining 404 one or more design violations based upon, at least in part, a structural observability filter. Embodiments may also include generating 406 a violation trace based upon, at least in part, the one or more design violations and displaying 408 the violation trace at a graphical user interface configured to allow a user to debug the one or more design violations. Embodiments may further include allowing 410 the user to select at least one path to be waived at the graphical user interface and generating 412 a new violation trace without the at least one path to be waived.
As discussed above, embodiments of debugging process 10 may be configured to allow a user to debug observable violations. Debugging process 10 may operate in conjunction with EDA application 20 to filter ignorable violations. Accordingly, embodiments included herein may generate properties with an observability condition. The observability condition may be used to check whether or not the design error propagates to a boundary (e.g., flop, latch, primary output, black-box input).
For example, assume OBS→P where P is a design error and OBS is the observability condition. If the observability condition is never met, (OBS→P) will be proven, so the design error never propagates to some boundary. As used herein, an "Observable Violation" may refer to a failed assertion (P) with an observability condition (OBS). In operation, embodiments of debugging process 10 may allow a user to debug the observable violation using a trace that represents one possible scenario where P propagated to a boundary.
Referring now to FIGS. 5-7, embodiments of the present disclosure showing an example debugging process 10 are provided. The debugging of an observable violation may be performed on a failure trace using a register-transfer-level (“RTL”) debug tool (e.g., EDA application 20) with driver tracing capabilities. In this way, a user may follow the logic that caused a signal to receive a certain value at a certain time/cycle.
In some embodiments, debugging process 10 may be configured to allow for path debugging using a failure trace. In this way, when a trace is available, it shows a scenario where the violation propagated to some boundary. The user may want to know what boundaries were affected and how. Once the trace is available, debugging process 10 may be configured to check the paths against the given trace, following the paths which evaluate to true in the given trace and extracting the boundaries (end points of the paths). Paths that did not evaluate to true on the given trace may be ignored. The boundary signals may be added to the trace and visible to the user in the RTL debug tool (e.g., EDA application 20). Accordingly, the user may now debug a path starting from the boundary signal using driver tracing, and debugging process 10 may hint which signal on the path is the next to debug. This provides the user with a step-by-step path debugging process, starting from the boundary where the failure is visible, back to the starting point of the failure.
Referring again to FIG. 5, an embodiment of debugging process 10 showing an example having multiple paths between a violation starting point and one or more boundary signals is provided. Debugging process 10 is based on the observability condition of the violation, since it is structurally composed of all the paths of the propagation (e.g., path1 or path2 . . . or pathN). In this particular example eight paths are shown that start from the violation starting point (e.g., red node) and end at the boundary signals (e.g., two yellow nodes).
In operation, and in some embodiments, all paths may be evaluated against the trace. Only the paths which evaluated to true may be reported back to the user. In this example, there are only two paths which lead to the same boundary (e.g., purple nodes).
Referring also to FIG. 6, an embodiment of debugging process 10 showing an example having multiple paths between a violation starting point and one or more boundary signals is provided. In this example, the user may be shown where to debug next, here depicted by the numbered nodes #1-3, etc. Tracing back step-by-step, EDA application 20 may hint and assist the user in reaching the violation point (red node).
In some embodiments, the user may determine that a path is false or irrelevant during the debugging, and embodiments included herein may allow the user to waive a path and get a new failure trace (if one exists), which again may highlight the relevant boundary signals and the paths that are valid based on the new trace. This may be achieved by creating a new observability condition that excludes the waived path. The process may be iterative in nature as the user may continue to debug and waive, until either a real bug is found or the violation is no longer generated. In other words, and as shown in FIG. 7, a new trace may be generated and the user may continue with the debugging until a true failure is located and fixed or until all paths are waived (e.g., the property will be proven).
Referring now to FIG. 8, a flowchart 800 showing a number of operations consistent with embodiments of debugging process 10 is provided. Suppose the user decided one or more paths are irrelevant and waives them. A new property may be created excluding the waived paths. If the property is proven, the user may stop the debugging process. If not, a new trace will be generated. If a new trace was generated, the user may continue in the debugging process until a true failure is found (and fixed), or until all paths are waived (property will be proven).
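The path evaluation against a trace and the waive-and-regenerate loop of FIG. 8 can be sketched as follows. This is an added illustration, not code from the patent or from any Cadence tool; the signal names, the three paths, the environment assumption and the exhaustive search standing in for the formal engine are all constructed for the example.

```python
from itertools import product

SIGNALS = ("viol", "sel", "en", "dbg")

# Constructed propagation paths from the violation starting point to a boundary:
# name -> (boundary signal, guard literals that must hold along the path).
PATHS = {
    "path1": ("flop_q", {"sel": 1, "en": 1}),
    "path2": ("dbg_out", {"sel": 0, "dbg": 1}),
    "path3": ("dbg_out", {"sel": 1, "dbg": 1}),
}


def env_ok(v):
    """Constructed environment assumption: en is never high in a violating cycle."""
    return not (v["viol"] and v["en"])


def unconstrained(v):
    """No environment assumption at all."""
    return True


def path_true(guard, v):
    return all(v[s] == val for s, val in guard.items())


def find_trace(paths, waived, assume):
    """Search for a counterexample to OBS |-> P, where OBS is the OR of the
    non-waived paths. Returns a signal assignment, or None if proven."""
    live = [g for n, (_, g) in paths.items() if n not in waived]
    for bits in product((0, 1), repeat=len(SIGNALS)):
        v = dict(zip(SIGNALS, bits))
        if v["viol"] and assume(v) and any(path_true(g, v) for g in live):
            return v
    return None


def active_paths(paths, waived, trace):
    """Paths that evaluate to true on the trace, with the boundary each reaches.
    Paths that are false on the trace are ignored."""
    return {n: b for n, (b, g) in paths.items()
            if n not in waived and path_true(g, trace)}


def debug_loop(paths, irrelevant, assume):
    """Iterate as in FIG. 8: generate a trace, report the active paths, waive
    them if the user considers all of them irrelevant, and try again."""
    waived, history = set(), []
    while True:
        trace = find_trace(paths, waived, assume)
        if trace is None:
            return "proven", waived, history
        active = active_paths(paths, waived, trace)
        history.append((trace, active))
        if set(active) - irrelevant:      # a path the user cannot dismiss
            return "real failure", waived, history
        waived |= set(active)


if __name__ == "__main__":
    for assume in (env_ok, unconstrained):
        status, waived, history = debug_loop(PATHS, {"path2", "path3"}, assume)
        print(assume.__name__, status, sorted(waived), history[-1][1])
```

Each iteration waives at least one path, so the loop ends either with a trace the user must debug from its boundary signal or with the property proven.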
Referring now to FIGS. 9-12, embodiments of debugging process 10 showing graphical user interfaces consistent with embodiments of the present disclosure are provided. As shown in FIG. 9, a user may select one or more violations for analysis (e.g., via EDA application 20) from a portion of a graphical user interface 900. In response to that selection, graphical user interface 1000 may display all boundary signals and may also be configured to show the violation cycle, propagation cycle (to the boundary), etc. The boundary signal in this example may refer to a particular flop. As shown in FIG. 11, the propagation cycle may be highlighted for the user to review. FIG. 12 shows the user that the specific violation is an arithmetic overflow and presents that to the user at graphical user interface 1200.
In operation, a user may be presented with a violation as is shown in the GUI portion of FIG. 9. The user may select the violation and a corresponding trace may be shown, as in FIG. 10. This trace shows the boundary signal(s) the violation propagated to. A cycle in the trace may be highlighted in red to indicate to the user that this is the cycle at which to start the debugging process. The user may then select the cycle and perform a "why" operation. A "why" operation may perform driver tracing to show why a specific signal received a certain value at a certain time, based on the given trace and the RTL itself. FIG. 11 displays the start of the path (from the boundary back to the violation starting point). The user may continue to view the path and trace it back to the violation starting point as is shown in FIG. 12.
Accordingly, embodiments of debugging process 10 may offer forward debugging by backward debugging methods. Embodiments included herein are structurally-based, and may provide all the possible paths for a given violation trace while also allowing the user to traverse the path incrementally. Embodiments of debugging process 10 may also enable waiving of one path or more, to filter out irrelevant paths, so the user may obtain a real trace for debugging or verify that the violation is not a design error.
It will be apparent to those skilled in the art that various modifications and variations can be made in the embodiments of the present disclosure without departing from the spirit or scope of the present disclosure. Thus, it is intended that embodiments of the present disclosure cover the modifications and variations provided they come within the scope of the appended claims and their equivalents.

Claims (14)

What is claimed is:
1. A computer-implemented method for electronic design verification comprising:
providing, using a processor, an electronic design;
determining one or more design violations based upon, at least in part, a structural observability filter;
generating a violation trace based upon, at least in part, the one or more design violations, wherein the violation trace includes a violation starting point and at least one boundary signal;
displaying the violation trace at a graphical user interface configured to allow a user to debug the one or more design violations;
allowing the user to select at least one path to be waived at the graphical user interface;
generating a new violation trace without the at least one path to be waived; and
allowing the user to debug beginning at the boundary signal after the new violation trace without the at least one path to be waived is generated.
2. The computer-implemented method of claim 1, further comprising:
allowing the user to correct a violation at the graphical user interface.
3. The computer-implemented method of claim 1, wherein allowing the user to select at least one path to be waived at the graphical user interface includes a plurality of paths.
4. The computer-implemented method of claim 1, further comprising:
displaying the at least one boundary signal at the graphical user interface.
5. The computer-implemented method of claim 1, further comprising:
displaying at least a portion of the violation trace at the graphical user interface.
6. A non-transitory computer-readable storage medium for electronic design verification, the computer-readable storage medium having stored thereon instructions that when executed by a machine result in one or more operations, the operations comprising:
providing, using a processor, an electronic design;
determining one or more design violations based upon, at least in part, a structural observability filter;
generating a violation trace based upon, at least in part, the one or more design violations, wherein the violation trace includes a violation starting point and at least one boundary signal;
displaying the violation trace at a graphical user interface configured to allow a user to debug the one or more design violations;
allowing the user to select at least one path to be waived at the graphical user interface;
generating a new violation trace without the at least one path to be waived; and
allowing the user to debug beginning at the boundary signal after the new violation trace without the at least one path to be waived is generated.
7. The computer-readable storage medium of claim 6, further comprising:
allowing the user to correct a violation at the graphical user interface.
8. The computer-readable storage medium of claim 6, wherein allowing the user to select at least one path to be waived at the graphical user interface includes a plurality of paths.
9. The computer-readable storage medium of claim 6, further comprising:
displaying the at least one boundary signal at the graphical user interface.
10. The computer-readable storage medium of claim 6, further comprising:
displaying at least a portion of the violation trace at the graphical user interface.
11. A system for electronic design verification comprising:
a computing device having at least one processor configured to provide an electronic design and determine one or more design violations based upon, at least in part, a structural observability filter, the at least one processor further configured to generate a violation trace based upon, at least in part, the one or more design violations, wherein the violation trace includes a violation starting point and at least one boundary signal, and to display the violation trace at a graphical user interface configured to allow a user to debug the one or more design violations, the at least one processor further configured to allow the user to select at least one path to be waived at the graphical user interface and to generate a new violation trace without the at least one path to be waived, the at least one processor further configured to allow the user to debug beginning at the boundary signal after the new violation trace without the at least one path to be waived is generated.
12. The system of claim 11, further comprising:
allowing the user to correct a violation at the graphical user interface.
13. The system of claim 11, wherein allowing the user to select at least one path to be waived at the graphical user interface includes a plurality of paths.
14. The system of claim 13, further comprising:
displaying the at least one boundary signal at the graphical user interface.
US16/148,203 2018-10-01 2018-10-01 System, method, and computer program product for debugging one or more observable failures in a formal verification Active US10769333B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US16/148,203 US10769333B1 (en) 2018-10-01 2018-10-01 System, method, and computer program product for debugging one or more observable failures in a formal verification


Publications (1)

Publication Number Publication Date
US10769333B1 true US10769333B1 (en) 2020-09-08

Family

ID=72290081


Country Status (1)

Country Link
US (1) US10769333B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11514218B1 (en) * 2021-07-30 2022-11-29 Cadence Design Systems, Inc. System and method for performing static timing analysis of electronic circuit designs using a tag-based approach

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7421668B1 (en) * 2004-12-08 2008-09-02 Jasper Design Automation, Inc. Meaningful visualization of properties independent of a circuit design
US8103999B1 (en) * 2007-06-15 2012-01-24 Jasper Design Automation, Inc. Debugging of counterexamples in formal verification
US20140130000A1 (en) * 2012-11-07 2014-05-08 Lsi Corporation Structural rule analysis with tcl scripts in synthesis or sta tools and integrated circuit design tools
US8863049B1 (en) * 2010-12-06 2014-10-14 Jasper Design Automation, Inc. Constraining traces in formal verification
US20170161403A1 (en) * 2015-12-04 2017-06-08 Mentor Graphics Corporation Assertion statement check and debug


Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4